Are you a Google Chrome user? High-rated security vulnerabilities have already been discovered in version 80 of Google Chrome. The Cybersecurity and Infrastructure Security Agency is encouraging Google users to update again just weeks after the Chrome 80 release. Here’s what you need to know.

There’s a fresh remote code execution (RCE) vulnerability in OpenSMTPD, and by extension in OpenBSD. Yes, it feels like déjà vu all over again.

The severity of the vulnerability, CVE-2020-8794, means that anyone running a public-facing OpenSMTPD deployment should update as soon as possible.

OpenBSD’s developers describe the issue as “an out of bounds read in smtpd [that] allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.”

Kali Linux is the world's most popular offensive-security-optimized Linux distro. Maintained and managed by the fine folks at Offensive Security, Kali was born in 2006 as BackTrack Linux, but after a major refactoring in 2013 got the name Kali. What does the name mean? Well, we'll get to that.

The new bill, that will allow the police to use trojans or virus programmes to tap into the chats, is expected to be voted through parliament on Thursday. Home Affairs Minister Mikael Damberg says he is convinced it will lead to more convictions.

A while back I wrote about a bunch of vulnerabilities in McAfee WebAdvisor, a component of McAfee antivirus products which is also available as a stand-alone application. Part of the fix was adding a bunch of pages to the extension which were previously hosted on siteadvisor.com, generally a good move. However, when I looked closely I noticed a Cross-Site Scripting (XSS) vulnerability in one of these pages (CVE-2019-3670).

Now an XSS vulnerability in a browser extension is usually very hard to exploit thanks to security mechanisms like Content Security Policy and sandboxing. These mechanisms were intact for McAfee WebAdvisor and I didn’t manage to circumvent them. Yet I still ended up with a proof of concept that demonstrated how attackers could gain local administrator privileges through this vulnerability, something that came as a huge surprise to me as well.

Some Fedora spins have already made use of swap on zRAM for serving as a compressed RAM drive while with Fedora Workstation 33 they are looking to make use of zRAM by default.
ZRAM has been used for a while by other Linux distributions and the likes of Chrome OS and Android even for more efficient swap usage. One could argue it's long overdue but for Fedora Workstation 33 they are looking at automatically providing a swap-on-zram setup out-of-the-box.

While we have amazing open source alternatives to Microsoft Office, it’s always good to have more options supported for Linux.
For that very same reason, the latest release of SoftMaker – Office 2021 grabbed my attention.
SoftMaker Office suite is a collection of TextMaker (word), PlanMaker (spreadsheets), and Presentation program.
It is a cross-platform solution which is available for Linux, Windows, and macOS.

A group of [attackers] executed a successful attack this week on shipbuilder Fincantieri SpA’s Norwegian unit, an Italy-based representative for the company said, confirming local reports.

Servers at the Norwegian unit, Vard Group AS, were infected with a ransomware, and the company “took in place all the actions needed to solve the issue,” the spokesman said. He said none of Fincantieri’s servers were involved in the attack.

OSS: Events, Google Summer of Code and More

The COVID-19 pandemic disturbed the work of event organizers everywhere. To slow the spread of this highly contagious virus, conferences that tend to host thousands in person faced a choice: Move entirely online, or cancel altogether. Many open source event organizers chose the latter, but not all of them.
Open Source 101 was due to be held in Austin, TX, on April 14. Instead, it hosted 1,000 attendees virtually. Later this month, the Linux Foundation will host the annual North American contingent of its Open Source Summit online. And rather than hosting DrupalCon around the world as planned, the Drupal Association will host DrupalCon Global online from July 14 - 17.
[...]
On a personal note, I've shared before how I started contributing to open source after attending a huge conference where I met several community leaders. By meeting and making connections face to face, I got plugged in much faster than if I had stumbled onto GitHub and searched through random projects. I fully support public health efforts to keep people safe, and haven't found virtual events to be a strong substitute for the informal conversations in the "hallway track."

I have submitted two talk proposals to Akademy. Earlier Albert called for more proposals, so let me repeat his reminder: send your talk proposals early to reduce panic in the programme committee. Anyone can join! And all things KDE and Qt related are good, as well as interesting stuff on the edge of the KDE community.
[...]
So be part, and send in your tale of KDE community activity.

This week, I started working on the Rocs graph layout capabilities. The Fruchterman-Reingold [1] algorithm seems to be the most common option for drawing graphs automatically when no extra information about the graph is known. In fact, the Boost library implementation of this algorithm is currently being used by Rocs. However, the Fruchterman-Reingold algorithm has some parameters that can change its results deeply. In order to better understand the algorithm and how different parameterizations lead to different results, I wrote my own C++ implementation directly in the Rocs’ libgraphtheory. This allowed me to generate debug information during the execution of the algorithm.
Unfortunately, tuning the parameters directly into the implementation is time consuming. Automatic parameter tuning solutions cannot be applied in a trivial way, because the quality of the result obtained for a given parameterization is quite subjective. Therefore, I decided to make my manual tuning and evaluation process more efficient by creating a user interface that will allow me to choose parameter values and apply the algorithm to the current graph. Because I am new to Qt and the way to do this is to implement a Rocs’ plugin, it is not done yet. Creating such an interface was already in my plans, but I expected to do it later.

Over the past week, I’ve been thinking a lot about George Floyd, Breonna Taylor, and Ahmaud Arbery. I have been thinking about white supremacy, the injustice that Black women and men are standing up against across the world, and all the injustices I can’t know, and don’t see.
The WordPress mission is to democratize publishing, and to me, that has always meant more than the freedom to express yourself. Democratizing publishing means giving voices to the voiceless and amplifying those speaking out against injustice. It means learning things that we otherwise wouldn’t. To me, it means that every voice has the ability to be heard, regardless of race, wealth, power, and opportunity. WordPress is a portal to commerce; it is a canvas for identity, and a catalyst for change.
[...]
If you would like to learn more about how to make a difference in your own community, here are a few resources I’ve gathered from WordPressers just like you.

Servers: Kubernetes, Compression and Debian Activities

Kubernetes celebrates its sixth birthday on June 7: One of the fastest-growing open source projects ever, it’s driving significant change in enterprise IT, helping developers manage containers at scale. Moreover, it helps them develop applications faster and manage resources in automated ways. That’s important not only in DevOps and agile environments, but also in any enterprise IT environment pushing for faster software development and more experimentation. And any CIO or IT leader will tell you, the CEO’s biggest wish right now is faster response to customer needs and outside changes - most recently, a global pandemic.
How much Kubernetes growth are we talking about? According to the CNCF Cloud Native Survey for 2019, 78 percent of respondents were using Kubernetes in production, up from 58 percent the previous year.

For distributions like Debian which have large archives of files that are compressed once and transferred a lot the “zstd --ultra -22” compression might be useful with multi-threaded compression. But given that Debian already has xz in use it might not be worth changing until faster CPUs with lots of cores become more commonly available. One could argue that for Debian it doesn’t make sense to change from xz as hard drives seem to be getting larger capacity (and also smaller physical size) faster than the Debian archive is growing. One possible reason for adopting zstd in a distribution like Debian is that there are more tuning options for things like memory use. It would be possible to have packages for an architecture like ARM that tends to have less RAM compressed in a way that decreases memory use on decompression.
For general compression such as compressing log files and making backups it seems that zstd is the clear winner. Even bzip2 is far too slow and in my tests zstd clearly beats gzip for every combination of compression and time taken. There may be some corner cases where gzip can compete on compression time due to CPU features, optimisation for CPUs, etc but I expect that in almost all cases zstd will win for compression size and time. As an aside I once noticed the 32bit version of gzip compressing faster than the 64bit version on an Opteron system; the 32bit version had assembly optimisation and the 64bit version didn’t at that time.

The 10 Best Mailing List Managers for Linux System in 2020

If you were looking for mailing list managers for Linux, then you are in the right place. Email list managers are handy tools in the world of business and marketing. Not only that, but these tools are also great for email discussions and knowledge sharing. Email marketing is always considered one of the most effective ways to communicate with customers.
If you are an internet user, then you might have subscribed to many services for their regular newsletter. This thing is done by using mailing list managers. When there were not many convenient services like Facebook groups or Quora, people used to have email discussions on certain topics. Nowadays, these are not very common. But you should know that the mailing list management tools are keeping those services running.

Exciting Features Coming up in KDE Plasma 5.20

KDE Plasma desktop environment version 5.20 is currently in the development phase and some of the exciting feature highlights have been announced in the developer blog.